HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Firewalls
A firewall is a system placed between two networks to control what traffic can
pass between them. A firewall is usually placed between the Internet and your
company intranet. It can be viewed as a point of policy enforcement at which you
decide what network traffic is and is not permitted to pass in and out of your
organization. When deployed correctly (a difficult task in a complex business
environment), a firewall is an efficient tool for preventing attacks on critical
systems and data. However, a firewall connected to the Internet cannot protect
against an attack launched from inside an organization, and it often cannot stop an
attacker inside your organization from attacking systems on the Internet; that is,
your systems can be used as a springboard to attack another victim.
A further complication in deploying firewalls is that it is difficult to establish clearly
where the boundary exists between inside and outside. At one time, it was obvious
that the Internet was outside and the intranet was inside. However, more and more
corporations are joining their intranets in multiple-partner arrangements, often termed
extranets. If internal and external systems are included under the same extranet, it
becomes difficult to place the firewall at the required location. In such an environment,
some form of continuous security monitoring tool is needed to ensure that critical
systems are not attacked and valuable data is not being pilfered by partners.
Encryption
Encryption is a mathematical technique that prevents unauthorized reading of data:
the intended recipients of the data can read it, but no intermediate party can.
Encryption by itself does not prevent modification of the data, and it does not
authenticate the sender. Those properties come from a message authentication code
(MAC) or a digital signature, which are normally applied together with encryption.
Used together, they ensure that the message has not been altered in transit and that
the claimed sender really is the sender of the message.
In any well-designed cryptographic system, the heart of the security is the key used to
encrypt the message. Knowing this key enables hackers to decrypt any message, alter
it, and retransmit it to the recipient. Even if the inner workings of the encryption
software are known, without the key, hackers cannot read or alter messages.
The problem with relying on encryption alone lies in the vulnerability of the systems
around it. The weakest link is usually not the encryption algorithm but the system on
which the key is stored. How can you be sure that the program you are using to encrypt
data has not saved your key to a temporary file on your disk, from which an attacker
can later retrieve it? If attackers gain access to your key, not only can they decrypt
your data, they can also impersonate you and send messages that appear to have been
signed by you.
Encryption does not protect data while it is in the clear (not encrypted) as you process
it, for example, while preparing a document for printing. Moreover, encryption cannot
protect your systems against denial-of-service attacks. Despite all the advantages of
encryption, it is only part of an overall security solution.
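As an added example (not part of this guide or of HP-UX HIDS), the following Python script shows the distinction between confidentiality and integrity discussed above. A toy stream cipher, with its keystream derived from HMAC-SHA256 in counter mode, keeps a payment message unreadable, yet an attacker who never learns the key can still change the amount by XORing known bytes into the ciphertext; an HMAC tag computed over the ciphertext detects the change. The cipher construction, key sizes, message layout and function names are assumptions made for the illustration, not a recommended design.

```python
"""Added example: encryption alone (a toy stream cipher) does not stop
modification; a MAC over the ciphertext does. Constructed for illustration
only; not HP-UX HIDS code and not a production cipher."""
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream (the operation is symmetric)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker without the key: knowing that `old` sits at `offset` in the
    plaintext, XOR old^new into those ciphertext bytes so they decrypt to `new`."""
    buf = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[offset + i] ^= o ^ n
    return bytes(buf)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt, then authenticate nonce and ciphertext with a separate MAC key."""
    ct = xor_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Verify the tag in constant time before decrypting; None if it fails."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_crypt(enc_key, nonce, ct)


def demo(enc_key: bytes, mac_key: bytes, nonce: bytes):
    """Constructed message: the attacker knows the format, not the content keys.
    Returns (plaintext seen without a check, result of the checked decrypt)."""
    msg = b"PAY 0100 TO ALICE"
    ct, tag = seal(enc_key, mac_key, nonce, msg)
    forged = tamper(ct, 4, b"0100", b"9900")      # amount field starts at byte 4
    unchecked = xor_crypt(enc_key, nonce, forged)  # decrypts cleanly to a forged amount
    checked = open_sealed(enc_key, mac_key, nonce, forged, tag)  # MAC rejects it
    return unchecked, checked


if __name__ == "__main__":
    ek, mk, n = os.urandom(32), os.urandom(32), os.urandom(16)
    unchecked, checked = demo(ek, mk, n)
    print("decrypt without integrity check:", unchecked)
    print("decrypt with MAC check:", checked)
```

The point is independent of this toy cipher: any cipher whose ciphertext can be altered without the change being detected (stream ciphers and CBC/CTR modes used without a MAC) has the same property, which is why modern protocols use authenticated encryption or a separate MAC, and why the guide's statement that encryption alone is only part of a security solution holds.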